Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2026-04-23 17:06:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Thu Apr 23 17:06:37 2026 rev:385 rq:1348826 version:140.10.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2026-04-08 17:16:23.397547873 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.11940/MozillaThunderbird.changes 2026-04-23 17:11:08.344835720 +0200 @@ -1,0 +2,113 @@ +Tue Apr 21 20:37:58 UTC 2026 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Thunderbird 140.10.0 ESR + * Newly translated strings were not available in Thunderbird + MFSA 2026-34 (bsc#1262230) + * CVE-2026-6746 (bmo#2014596) + Use-after-free in the DOM: Core & HTML component + * CVE-2026-6747 (bmo#2021769) + Use-after-free in the WebRTC component + * CVE-2026-6748 (bmo#2022604) + Uninitialized memory in the Audio/Video: Web Codecs component + * CVE-2026-6749 (bmo#2022610) + Information disclosure due to uninitialized memory in the + Graphics: Canvas2D component + * CVE-2026-6750 (bmo#2023407) + Privilege escalation in the Graphics: WebRender component + * CVE-2026-6751 (bmo#2025883) + Uninitialized memory in the Audio/Video: Web Codecs component + * CVE-2026-6752 (bmo#2027499) + Incorrect boundary conditions in the WebRTC component + * CVE-2026-6753 (bmo#2027501) + Incorrect boundary conditions in the WebRTC component + * CVE-2026-6754 (bmo#2027541) + Use-after-free in the JavaScript Engine component + * CVE-2026-6757 (bmo#2013588) + Invalid pointer in the JavaScript: WebAssembly component + * CVE-2026-6759 (bmo#2016164) + Use-after-free in the Widget: Cocoa component + * CVE-2026-6761 (bmo#2017857) + Privilege escalation in the Networking component + * CVE-2026-6762 (bmo#2021080) + Spoofing issue in the DOM: Core & HTML component + * CVE-2026-6763 (bmo#2021666) + Mitigation bypass in the File Handling component + * CVE-2026-6764 (bmo#2022162) + Incorrect boundary conditions in the DOM: Device Interfaces + component + * CVE-2026-6765 (bmo#2022419) + Information disclosure in the Form Autofill component + * CVE-2026-6766 (bmo#2023207) + Incorrect boundary conditions in the Libraries component in NSS + * CVE-2026-6767 (bmo#2023209) + Other issue in the Libraries component in NSS + * CVE-2026-6769 (bmo#2023753) + Privilege escalation in the Debugger component + * CVE-2026-6770 (bmo#2024220) + Other issue in the Storage: IndexedDB component + * CVE-2026-6771 (bmo#2025067) + Mitigation bypass in the DOM: Security component + * CVE-2026-6772 (bmo#2026089) + Incorrect boundary conditions in the Libraries component in NSS + * CVE-2026-6776 (bmo#2021770) + Incorrect boundary conditions in the WebRTC: Networking + component + * CVE-2026-6785 (bmo#1935995, bmo#1999158, bmo#2015952, bmo#2021909, + bmo#2022026, bmo#2022041, bmo#2022088, bmo#2022276, bmo#2022335, + bmo#2022338, bmo#2022373, bmo#2022597, bmo#2022874, bmo#2023276, + bmo#2023544, bmo#2023551, bmo#2023599, bmo#2023608, bmo#2023814, + bmo#2024233, bmo#2024239, bmo#2024241, bmo#2024242, bmo#2024250, + bmo#2024251, bmo#2024343, bmo#2024422, bmo#2024425, bmo#2024440, + bmo#2024442, bmo#2024446, bmo#2024458, bmo#2024463, bmo#2024478, + bmo#2024650, bmo#2024653, bmo#2024654, bmo#2024655, bmo#2024656, + bmo#2024661, bmo#2024662, bmo#2024668, bmo#2024919, bmo#2025278, + bmo#2025349, bmo#2025350, bmo#2025354, bmo#2025360, bmo#2025363, + bmo#2025370, bmo#2025379, bmo#2025381, bmo#2025399, bmo#2025400, + bmo#2025403, bmo#2025407, bmo#2025415, bmo#2025420, bmo#2025427, + bmo#2025429, bmo#2025430, bmo#2025479, bmo#2025489, bmo#2025493, + bmo#2025497, bmo#2025502, bmo#2025515, bmo#2025517, bmo#2025526, + bmo#2025609, bmo#2025948, bmo#2025949, bmo#2025951, bmo#2025953, + bmo#2025955, bmo#2025962, bmo#2025969, bmo#2025970, bmo#2025971, + bmo#2025973, bmo#2025976, bmo#2025977, bmo#2026280, bmo#2026285, + bmo#2026293, bmo#2026296, bmo#2026310, bmo#2027237, bmo#2027260, + bmo#2027268, bmo#2027277, bmo#2027284, bmo#2027291, bmo#2027293, + bmo#2027298, bmo#2027330, bmo#2027342, bmo#2027345, bmo#2027359, + bmo#2027365, bmo#2027378, bmo#2027754, bmo#2027959, bmo#2027962, + bmo#2027964, bmo#2027971, bmo#2027974, bmo#2027979, bmo#2027982, + bmo#2027995, bmo#2028001, bmo#2028267, bmo#2028268, bmo#2028275, + bmo#2028288, bmo#2028290, bmo#2028291, bmo#2028528, bmo#2028551, + bmo#2028627, bmo#2028879, bmo#2028889, bmo#2029061, bmo#2029071, + bmo#2029283, bmo#2029296, bmo#2029314, bmo#2029323, bmo#2029411, + bmo#2029423, bmo#2029424, bmo#2029425, bmo#2029427, bmo#2029436, + bmo#2029440, bmo#2029449, bmo#2029450, bmo#2029458, bmo#2029462, + bmo#2029468, bmo#2029472, bmo#2029690, bmo#2029707, bmo#2029708, + bmo#2029728, bmo#2029802, bmo#2029896, bmo#2029906, bmo#2030106, + bmo#2030118, bmo#2030123, bmo#2030135, bmo#2030230, bmo#2030320) + Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR + 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 + * CVE-2026-6786 (bmo#2010727, bmo#2019004, bmo#2019224, bmo#2019547, + bmo#2020378, bmo#2022381, bmo#2022608, bmo#2022785, bmo#2023120, + bmo#2023128, bmo#2023140, bmo#2023279, bmo#2023836, bmo#2023882, + bmo#2023925, bmo#2023950, bmo#2023959, bmo#2023965, bmo#2024243, + bmo#2024245, bmo#2024247, bmo#2024253, bmo#2024346, bmo#2024357, + bmo#2024416, bmo#2024420, bmo#2024429, bmo#2024432, bmo#2024455, + bmo#2024466, bmo#2024468, bmo#2024476, bmo#2024664, bmo#2024666, + bmo#2024669, bmo#2024670, bmo#2024671, bmo#2024761, bmo#2024918, + bmo#2025292, bmo#2025332, bmo#2025348, bmo#2025384, bmo#2025395, + bmo#2025458, bmo#2025461, bmo#2025463, bmo#2025481, bmo#2025483, + bmo#2025485, bmo#2025494, bmo#2025506, bmo#2025511, bmo#2025513, + bmo#2025520, bmo#2026277, bmo#2026282, bmo#2026288, bmo#2026289, + bmo#2026311, bmo#2026312, bmo#2026869, bmo#2027152, bmo#2027161, + bmo#2027238, bmo#2027261, bmo#2027269, bmo#2027274, bmo#2027280, + bmo#2027281, bmo#2027300, bmo#2027302, bmo#2027331, bmo#2027339, + bmo#2027340, bmo#2027738, bmo#2027975, bmo#2028000, bmo#2028011, + bmo#2028289, bmo#2028525, bmo#2028728, bmo#2028887, bmo#2028888, + bmo#2028896, bmo#2029063, bmo#2029064, bmo#2029290, bmo#2029291, + bmo#2029294, bmo#2029300, bmo#2029304, bmo#2029316, bmo#2029317, + bmo#2029401, bmo#2029415, bmo#2029430, bmo#2029457, bmo#2029727, + bmo#2029735, bmo#2029743, bmo#2029752, bmo#2029754, bmo#2029776, + bmo#2029809, bmo#2030324, bmo#2030370) + Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird + ESR 140.10, Firefox 150 and Thunderbird 150 + +------------------------------------------------------------------- Old: ---- l10n-140.9.1esr.tar.xz thunderbird-140.9.1esr.source.tar.xz thunderbird-140.9.1esr.source.tar.xz.asc New: ---- l10n-140.10.0esr.tar.xz thunderbird-140.10.0esr.source.tar.xz thunderbird-140.10.0esr.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.VBcGN4/_old 2026-04-23 17:11:25.581533091 +0200 +++ /var/tmp/diff_new_pack.VBcGN4/_new 2026-04-23 17:11:25.581533091 +0200 @@ -30,8 +30,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.9.1 -%define orig_version 140.9.1 +%define mainver %major.10.0 +%define orig_version 140.10.0 %define orig_suffix esr %define update_channel esr %define source_prefix thunderbird-%{orig_version} ++++++ l10n-140.9.1esr.tar.xz -> l10n-140.10.0esr.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-140.9.1esr.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.11940/l10n-140.10.0esr.tar.xz differ: char 15, line 1 ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.VBcGN4/_old 2026-04-23 17:11:25.853544096 +0200 +++ /var/tmp/diff_new_pack.VBcGN4/_new 2026-04-23 17:11:25.861544419 +0200 @@ -1,11 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr140" -VERSION="140.9.1" +VERSION="140.10.0" VERSION_SUFFIX="esr" -REV_VERSION="140.9.0" +REV_VERSION="140.9.1" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140"; -RELEASE_TAG="427d792f23672fc4adbe9436ce7dddbb2bfb287a" -RELEASE_TIMESTAMP="20260404050724" +RELEASE_TAG="b23998b7b404ff8144a931ada5d315103d0cd932" +RELEASE_TIMESTAMP="20260417012335" ++++++ thunderbird-140.9.1esr.source.tar.xz -> thunderbird-140.10.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-140.9.1esr.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.11940/thunderbird-140.10.0esr.source.tar.xz differ: char 15, line 1
